"iOS Tips-13" Packet capture methods for iOS devices

Source: Internet
Author: User

Packet capture is an important method in client-side testing. This article covers several commonly used capture methods for iOS devices (iPhone, iPad and iPod touch).

I. Preparation

The device you capture from must be rooted, commonly known as jailbroken, mainly using redsn0w and the appropriate iOS firmware. To jailbreak without changing the firmware version, just use redsn0w to install Cydia; detailed tutorials are available online and are omitted here. After installation, start Cydia on a 3G or WiFi connection and confirm the identity as "Developer".

With Cydia sources, users can download and install software that has more privileges than App Store apps. However, while a program is being downloaded from a Cydia source, the iOS device interrupts the download if it locks. To prevent standby, set the time to Never under Settings > General > Auto-Lock. In addition, if Cydia crashes when you search in the Simplified Chinese environment, do not panic; see the appendix for the fix.

If the root password is not changed promptly after rooting, it is easy for others to damage your system. So, as one of the preparation steps for capturing, change the root password. The initial password is alpine; it can be changed over an SSH connection or directly on the iOS device in MobileTerminal.

II. Capture methods

Method 1: Capture over an SSH connection to the iOS device (via USB) -- highly recommended

"Preparation"

Install tcpdump on the iOS device (see the appendix)

Install iPhoneTunnel on the PC (it integrates the PuTTY terminal tool; a no-install version is in the attachment)

"Steps"

1. Connect the phone to the PC with a USB cable and make sure the connection is working. Start iPhoneTunnel; a green light indicates that the tunnel status is normal. Click the Launch Terminal button to SSH into the phone.

2. PuTTY shows a prompt window; if you do not use SSH frequently, click "No".

3. PuTTY then attempts to log in to the device as root; enter the root password.

4. Use tcpdump to capture packets (see the appendix).

"Method review"

Connecting over USB and using SSH directly on the device lets you capture whether the device is on WiFi or 2G/3G. It is simple to use and has no limitations, so it is worth using.

Method 2: Capture over an SSH connection to the iOS device (via WiFi)

"Preparation"

Install tcpdump on the iOS device (see the appendix)

Install PuTTY on the PC (a no-install version is in the attachment)

The iOS device is connected to a WiFi network and is on the same network as the PC. If no WiFi network is available, you can use the PC as a hotspot and create a virtual WiFi network for the iOS device to join.

"Steps"

1. Look up the IP address on the iOS device (Settings > Wi-Fi, then tap the small arrow to the right of the connected WiFi network).

2. Start PuTTY, enter the IP address of the device, select SSH as the connection type, and click Open.

3. The remaining steps are the same as steps 2-4 of Method 1.

"Method review"

This method uses PuTTY to SSH into the phone over WiFi, so you must know the phone's IP address, and it cannot be used if the phone has no WiFi connection. The method therefore has certain limitations.

Method 3: Capture directly on the device

"Preparation"

Install MobileTerminal and tcpdump on the iOS device (see the appendix)

"Steps"

1. Tap the "Terminal" icon on the device home screen.

2. Switch to the root user.

3. Use tcpdump to capture packets (see the appendix).

"Method review"

This method is not restricted by network conditions. However, because the capture is run on the device itself and MobileTerminal stops working once it is switched to the background, this capture method is less practical. MobileTerminal is still a very useful tool for device testers, though.

III. Export and other notes

After the pcap file is generated, you can download it to your PC with 91 Mobile Assistant (iOS version) and then open it with Wireshark or Ethereal to analyze the packets.

IV. Appendices

1. Fixing the Cydia search crash in the Chinese environment

First change the system language to English, then open Cydia and add the First Chinese Source (http://apt.178.com). To add a source: open Cydia, tap Manage, then Sources, tap Edit in the upper right corner, then Add in the upper left corner, enter the source address and tap Add; when the warning appears, choose to add anyway. Wait for the list to finish refreshing, return to Cydia, and under Manage > First Chinese Source find and install the iOS 5 Cydia Chinese crash fix patch. After you switch the system back to Simplified Chinese, the Cydia search function works normally.

2. OpenSSH installation

OpenSSH provides a server-side daemon and client tools that encrypt data during remote control and file transfer. After installation, you can control the device from the PC via remote access. You can find OpenSSH using "Search" in the lower right corner of Cydia. Open its installation page and tap Install in the top right corner to complete the installation.

3. MobileTerminal installation

MobileTerminal is terminal software for iOS devices that manages the device through a non-graphical, command-line-like interface. It does not depend on OpenSSH or Telnet and runs as a standalone app on the system. In Cydia, under Manage > First Chinese Source, find the MobileTerminal build that matches your system and install it.

4. tcpdump installation

tcpdump can be installed on the device with 91 Mobile Assistant (iOS version); packages: http://apt.saurik.com/debs/. If you are unsure which one suits your phone, you can install the TCP installation package in the attachment.

If running tcpdump after installation reports a libpcap error, you need to install libpcap. If you are unsure which one suits your phone, you can install the Lib installation package in the attachment.

5. Using tcpdump on iOS devices

Some iOS devices, such as the iPhone and iPad, can connect over either WiFi or 2G/3G. When using the tcpdump command, pay attention to the network interface: the WiFi interface is en0 and the 2G/3G interface is pdp_ip0. When no interface is specified, the default is pdp_ip0. For example:

Capture over WiFi: tcpdump -i en0 -x -s0 -w data.pcap

Capture over 2G/3G: tcpdump -i pdp_ip0 -x -s0 -w data.pcap or tcpdump -x -s0 -w data.pcap
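A quick sanity check for the data.pcap written by the commands above, before it is opened in Wireshark as described in section III. This is an added example, not part of the original article: it reads the pcap file header to show the link type and snapshot length of the capture and counts IPv4/TCP packets per destination. The function names and the sample capture are constructed for illustration, and only the classic pcap format with Ethernet, BSD loopback or raw IP link types is handled.

```python
import struct
from collections import Counter

# pcap LINKTYPE value -> size of the link-layer header in front of the IP header
LINK_HDR = {0: 4, 1: 14, 101: 0}  # BSD loopback, Ethernet, raw IP

def summarize_pcap(data):
    """Return (linktype, snaplen, Counter{(dst_ip, dst_port): packets})."""
    if data[:4] == b"\xd4\xc3\xb2\xa1":
        end = "<"  # written on a little-endian host
    elif data[:4] == b"\xa1\xb2\xc3\xd4":
        end = ">"
    else:
        raise ValueError("not a classic pcap file")
    snaplen, linktype = struct.unpack(end + "II", data[16:24])
    if linktype not in LINK_HDR:
        raise ValueError("unsupported linktype %d" % linktype)
    flows, off = Counter(), 24
    while off + 16 <= len(data):
        incl_len, = struct.unpack(end + "I", data[off + 8:off + 12])
        frame = data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if linktype == 1 and frame[12:14] != b"\x08\x00":
            continue  # Ethernet frame that does not carry IPv4
        ip = frame[LINK_HDR[linktype]:]
        if len(ip) < 20 or ip[0] >> 4 != 4 or ip[9] != 6:
            continue  # keep only IPv4 packets carrying TCP
        ihl = (ip[0] & 0x0F) * 4
        if len(ip) < ihl + 4:
            continue  # TCP ports cut off (truncated packet)
        dport, = struct.unpack("!H", ip[ihl + 2:ihl + 4])
        flows[(".".join(map(str, ip[16:20])), dport)] += 1
    return linktype, snaplen, flows

def sample_pcap():
    """Constructed capture: one Ethernet/IPv4/TCP packet to 192.0.2.10:80."""
    tcp = struct.pack("!HHIIBBHHH", 49152, 80, 0, 0, 0x50, 0x18, 8192, 0, 0)
    tcp += b"GET / HTTP/1.1\r\n"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 10])) + tcp
    frame = b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00" + ip
    ghdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return ghdr + struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame

if __name__ == "__main__":
    import sys
    raw = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else sample_pcap()
    print(summarize_pcap(raw))
```

Run it with the path to the exported capture as the first argument; without an argument it summarizes the constructed sample.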

V. Q&A

(Ⅰ) What should I do if "Server unexpectedly closed network connection" is shown when connecting to the iOS device over SSH?

A: You can try to solve the problem by reinstalling OpenSSH.

(Ⅱ) What should I do if I execute tcpdump after installing the TCP installation package and the LIB installation package?

A: The libcrypto.0.9.8.dylib file may be missing; it can be copied from the /usr/lib path of another iOS device to the local machine.
